From 874a30391973642d3ff350f977c1ac705644fbb0 Mon Sep 17 00:00:00 2001
From: Greg Price <price@mit.edu>
Date: Wed, 6 Aug 2008 01:07:22 -0400
Subject: [PATCH] add and respect 'adminable' column to machines

This is for selectively, temporarily, manually enabling admin mode
for a VM.  Where it's not set, admin mode now bypasses quotas and does
nothing else.

svn path=/trunk/packages/sipb-xen-www/; revision=874
---
 code/validation.py |    3 ++-
 code/webcommon.py  |    5 ++++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/code/validation.py b/code/validation.py
index 79fa10c..2e6c7c3 100644
--- a/code/validation.py
+++ b/code/validation.py
@@ -125,7 +125,8 @@ def cantAddVm(owner, g):
 
 def haveAccess(user, state, machine):
     """Return whether a user has administrative access to a machine"""
-    return state.isadmin or user in cache_acls.accessList(machine)
+    return (user in cache_acls.accessList(machine)
+            or (machine.adminable and state.isadmin))
 
 def owns(user, machine):
     """Return whether a user owns a machine"""
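Review bot: The docstring of `haveAccess` still says only "administrative access to a machine", but the new return lets admin mode through only when `machine.adminable` is set, so the authorization rule is no longer documented where it is enforced. I would reword it to something like `"""Return whether user is on the machine's access list, or is in admin mode on a machine flagged adminable."""`. Assuming existing rows load `adminable` as None or False, the admin path fails closed, which is the right default. The function then returns None rather than False in that case, so any caller comparing the result with `== False` rather than testing truthiness would need checking. Since the flag is described as temporary and manual, a short comment by the column definition (not in this patch) on who sets and clears it would help later audits.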
diff --git a/code/webcommon.py b/code/webcommon.py
index e82f790..eaf533c 100644
--- a/code/webcommon.py
+++ b/code/webcommon.py
@@ -1,6 +1,7 @@
 """Exceptions for the web interface."""
 
 import time
+from invirt import database
 from invirt.database import Machine, MachineAccess
 
 class MyException(Exception):
@@ -44,7 +45,9 @@ class State(object):
 
     def getMachines(self):
         if self.isadmin:
-            return Machine.select()
+            return Machine.query().join('acl').select_by(
+                database.or_(MachineAccess.c.user == self.username,
+                             Machine.c.adminable == True))
         else:
             return Machine.query().join('acl').select_by(user=self.username)
 
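Review bot: The admin branch of `getMachines` keeps `join('acl')`, so if that is an inner join, a machine with `adminable` set but no ACL rows would be missing from the list even though `haveAccess` in code/validation.py would grant the admin access to it. The two checks also read different sources: this query matches `MachineAccess.c.user` directly, while `haveAccess` goes through `cache_acls.accessList`. Whether those always agree is not visible here, so it is worth a comment saying the listing and the access check are meant to stay in step. I would also add `# '== True' builds the SQL expression; do not rewrite as 'is True'` above the `Machine.c.adminable == True` line so a later lint cleanup does not silently change the filter. The enclosing `State` class starts outside this hunk.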
-- 
1.7.9.5